Asked by:

Question

Ok cardspace is dead. so ok! long live cardspace (as openid connect). But openid connect will never quite be cardspace, so tightly linked in with web services and bindings.

So to whats left of cardspace-era mechanisms in dotnet 4,5

What is the difference on the wire between a svc exposing wshttpbinding with issuedtoken credential type, and that same svc with a second endpoint bound to wsfederation where the sts address is "any" (logically invoking cardspace and idp selection,
given claims metadata matching)?

In the latter, full secureconversation supported by saml token ocCurs (with proof tokens). What about the former? Is it just a saml bearer token in a soap header, possiblly encrypted using the service cert for asymmetric key transport?

All replies

I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

Best Regards,
Amy Peng

<THE CONTENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED>
Thanks
MSDN Community Support

Please remember to "Mark as Answer" the responses that resolved your issue. It is a common way to recognize those who have helped you, and makes it easier for other visitors to find the resolution later.

Ive done all that, becoming very familiar with wsfederation, with messaging or mixed mode tokens over ssl. And, as you imply, i&a tool injects wif into the wcf dispatcher pipeline, with svcutil building proxies and client side config.